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1. Introduction 

The X-ralrulus of Church (treated throughly in [HAR80]) is a system for denoting 
functions. For example, the identity function is represented in this system as \x.x, 
and the function which adds 1 to its argument is represented as \x.x + 1. A more 
complicated example is the "double application" functional, whose arguments are 
themselves functions, and which acts by composing a function with itself. This is 
represented in the X-calculus as \f.\x.f(fx). 

For many years a model for the X-calculus could not be found, due to set theoretical 
difficulties. Finally, Scott was able to construct a structure which was generally agreed 
to be a model, using complete lattices [SCOTT76]. Many attempts were then made to 
give a clean characterization of what a model of the X-calculus was, these are detailed 
in [BAR80] and in [MEYER82]. 

These systems all have the property that any term can be interpreted as a function. 
This is necessary, since a model of the untyped X-calculus must make sense out of the 
application of any term to any other term. In fact any term can also be interpreted 
as a functional, that is, a function which maps functions to functions, and so on up 
through the type hierarchy. But this is not the behavior we want when we are using 
X-calculus to compute with integers. 

The problem is that there is nothing to distinguish the integers from the other 
terms. Suppose we use a X-calculus with constants for the integers and successor, 
suitably axiomatized. Then in any model, while it is true that the values of integers 
will behave correctly with respect to the value of successor, it is also true that the value 
of 3 applied to the value of 4 will be some value, and there is nothing in the language 
or the model that tells us that this is any different than successor applied to 3. This is 
not what we want. We want constants such as 3 to denote atomic values in all models. 
These are values that cannot be applied to anything without yielding an error. The 
constants that are used to denote atomic values will be called numerals. 

One method for computing with atomic values in the X-calculus is to add type 
information to the terms, to tell what kind of datum each subterm represents. This 
is approach taken in the typed X-calculus. In order for one term to be applied to a 



second, tlio type of I lie first term must be Functional, with the argument type matching 
the type of the second term. Terms representing atomic values do not have functional 
type, and therefore cannot be applied to anything. Typed X-calculus is dealt with 
thoroughly in an appendix to [Uak80]. 

In this treatment, we use a different approach to type errors. We will allow 
arbitrary applications in the language, however, certain terms will lead to run-time type 
errors when- evaluated. Our X-calculus will be untyped, and we will provide semantics 
so that the terms which lead to run-time type errors are precisely those terms which 
semantically denote an error value. We are motivated throughout by the language 
LISP, which has a X-calculus like syntax, but expresses computation on objects which 
do not necessarily denote functions (atoms and lists). See [WA.ND84] for a discussion 
of LISP. 

Since we are using untyped X-calculus, we will be able to draw on the results of 
[MEYER82], to provide a model. A system with error values for run-time type errors 
was also considered in [MILNER78], with a complete partial order semantics. 

In order to do useful computation with numerals, we will find that a condi- 
tional statement is needed. This will take the form: "if <terml> = <term2> then 
<term3> else <term4>." Without this construct, the expressive power is greatly 
reduced. However, there are many choices to be made in the behavior of this construct. 
Do we evaluate <terml> and <term2> sequentially, or in parallel? What happens 
if the evaluation of <terml> or <term2> leads to a run- time type error? Also, 
what notion of equality between terms do we use? The most strict notion is identity. 
Another notion is provable equality (under some, suitable axioms and proof rules). We 
will try to make choices that will result in a recursive evaluator and simple axioms for 
the proof system, while still giving us enough expressive power for programming. 

The language considered is an untyped X-calculus, with a conditional statement 
and error terms. The proof system is that of the classical X-calculus enriched with 
axioms to handle these new constructs, and to handle the properties of numerals. 

The class of models for this language is a special case of combinatory models 
[MEYER82]. A completeness theorem for the language is derived from the completeness 



theorem for the classical X-calculus[Mi:Yi:ilS2]. 

2. Syntax 

We will define an untyped X-calculus for computing with atoms. Our language 
will be an extension of the classical X-calculus of Church. Since we have occasion to 
refer to the classical X-calculus, we define it here. 

Definition: Let Var be an infinite set of variables. Let C be a set of constants. We 
define the set of terms A(C) by the following grammar, where t denotes an element of 
A(C), x denotes an element of Var, and c denotes an element of C: 

t::=x | c | J|*2 I Xx.t . 

We omit parentheses in the usual fashion. In particular, uvw abbreviates (uv)w, and 
Xzy.tt abbreviates \x\y.u. 

We now extend the language to express computations with atoms. An atom is a 
semantic object, which cannot be applied to anything else without yielding an error. 
An example of an atom might be the number 3 or 17, if we are talking about integers, 
or perhaps the list nil if we are talking about lists. In order to represent atoms in our 
language we introduce atomic constants. These are a special type of constant whose 
meaning can only be an atom. 

These are the base syntactic sets: 

Let Var be a set of variables. Typical elements are z, y, z. 

Let Con be a set of constants. Typical elements are ci,C2, . • . 

Let ACon be another set of constants (the atomic constants). Typical elements 

are a\,a<i, .... 

The three sets Var, Con, and ACon, must be pairwise disjoint. 

Out of these basic sets we build the "X-terms with atoms," called AT (for Atomic 
Terms). 

Definition: Let cond and * be new symbols. Then given ACon and Con we define the 
set AT(ACon,Con) as as A(ConUAConU{e°nd>*})- When there is no confusion, 
we will write simply AT. 



We define :in equntional calculus over AT by specifying axioms and rules of* proof. 

Definition: (Substitution) Free and bound variables are defined inductively, in the 
usual way. The expression \v/x]u, where u,v £ AT, x 6 Var denotes the result of 
substituting v for all free occurrences of x in u, with the usual proviso about renaming 
bound variables to avoid capture, i.e. before we substitute v for x in u, we change all 
the bound variables in u to be different from the free variables in v and then we replace 
every free occurrence of x with v. 

Definition: Two terms u and v are a- equivalent, if v results from u by renaming 
the bound variables in some subterm of u (avoiding capture). Following Barendregt 
[BAR80], we consider two terms that are a-equivalent equal on a syntactic level, that 
is, terms are considered modulo a-equivalence. For example, \x.yx and \z.yz are the 
same term. 



Here are the axiom schemes: 

(/?) (Xi.u)u = [v/x]u 

(E) uv = *, 

(Cl) condaavtu = v, 

(C2) condaia2Vtu = w t 

(C3) conduiU2«tu = *, 

(C4) condttiU2fu> = *, 

And here are the rules: 



(trans & sym) 
(cong) 



for u E ACon U{*}- 

for a 6 ACon. 

if oj,a2 € ACon, a\ and a% different. 

if either u\ or U2 is *. 

if either ui or U2 is of the form Xz.tt'. 

u = v 
u = v\ 
v = v 



u = u 
(u«y=ftiV) 

V = v 

Xi.u = Xz.v 



This proof systems requires a bit of discussion. The rules are just the usual rules 
taken from the classical X-calculus. Since we are committing to axiom scheme (/?), it 
follows that the language has a call-by-name parameter passing mechanism (as does 



classical X-calculus). This is to bo contrasted with the usual LISI' evaluator, which 
evaluates tlic arguments to a function first (call-by-value). The two strategies differ on 
a term such as (\xy.x)vv, where v is a term whose evaluation doesn't terminate. In the 
call-by-valuc evaluator, the evaluation of the whole term doesn't terminate, since the 
evaluator never gets done evaluating the arguments. Hut in a call-by-name evaluator, 
the term v is never evaluated, and the result of evaluating the term will be the result 
of evaluating u. 

This leaves axiom schemes (E) and (Cl) through (C4), which are connected with 
the behavior of type errors, and of cond. So what behavior do we want? This 
depends on our intended use of the language AT. In this treatment, we view AT as a 
programming language for writing programs "about" atoms. That is, when a program 
is given to the evaluator, there are three interesting things that might happen: 
(i) The evaluation of the program might terminate, resulting in a numeral, 
(ii) The evaluation of the program might lead to a run-time type error, 
(iii) The evaluation of the program might not terminate. 

This is not to say that a term such as Xiy.i is not interesting, rather, that its 
utility lies in its ability to be included in programs that will produce numerals. If 
we take this view, then the job of the evaluator is: "given a term, if it is equal to 
a numeral, find that numeral." In particular, if a term is not equal to a numeral, 
we don't care what the evaluator does, however, it would be nice if the evaluator 
terminates on as many terms as possible. More on this, when we discuss (C4) below. 
In the rest of this section, we will have need to discuss the properties of the intended 
evaluator. Later we will formally define an evaluator with these properties. (We are 
faced here with an expositional difficulty. I am reminded of a remark I heard at a 
philosophy seminar about Kant's Critique of Pure Reason [KANT29], namely, that he 
had many interesting things to say, and he said them all first. We might have defined 
the evaluator before the proof system, and equality in terms of the evaluator, and then 
defined a proof system which captures it. In fact, neither idea, that of the proof system 
nor the evaluator is really prior to the other. We want the axiom schemes to allow for 
a reasonable evaluator, i.e. one that is effective, and on the other hand, we want axiom 
schemes that make it relatively easy to reason about equality.) 



Now to the rest of the axioms. 

The purpose of having * in the language, is so wc can have a notation for run-time 
type errors. Our hope is to define an evaluator and a notion of tun-time type error, 
so that a term not containing * will be provably equal to * if and only if it causes 
a run-type type error when evaluated. There arc two kinds of type errors that can 
occur, and they correspond to those axioms schemes, that viewed as reductions have 
the effect of producing an *. These are (E), (C3), and (C4). (We could have introduced 
two symbols *| and *•> in order to distinguish between them, at the cost of complicating 
the axioms a little bit). 

First let us sec what (E) says. Actually, it is two axioms schemes combined. The 
first says that av = * if a is a numeral. This is one way a type error is created. 
It corresponds to an attempt by the evaluator to apply a numeral to a term. The 
second part, i.e. *u = * for any term u, corresponds to "leftmost" evaluation, and is 
needed to insure that type-errors propagate correctly. This is best illustrated by the 
two following examples. 

Consider the term auv, where a is a numeral. Recall that this is an abbreviation 
for [au)v. This is the sort of term that will cause a run-type type error, since the first 
operation of the evaluator will be to try to apply otou. Therefore our proof system 
should prove this term equal to *. By the first part of rule (E), we know that it is equal 
to *v. We need the second part to show that it is equal to *. 

Now consider the term (\xy.x)a(bu), where a and b are atoms. This illustrates that 
a term might not cause a run-time type error even though it has a subterm which is 
equal to *. The reason is that our evaluator will use (/?) to turn this into {\y.a)(bu), and 
then use [ft) again to turn it into a, which is the value of the term. The evaluator never 
"sees" that we are applying a numeral to a term, so there is no run-time type error. 
Note that in a call-by-value evaluator, since the arguments would have been evaluated 
first, the evaluator would indeed have encountered the type error. This illustrates our 
choice of the term "run-time type error" since this term would have a static type error 
in a language such as typed X-calculus. 

Now for the axioms about cond. The first two, (Cl) and (C2), are relatively 



unc-ontrovcrsial. They correspond to our intuition that conduiii-rt'i 1 ';! is a notation for 
"if u\ = u-> then V\ else v-j." 

Axiom scheme (CM) deals with the second kind of type error in the language. The 
first type error can be thought of as "trying to use an atom, where a function was I 
expected." The type error corresponding to (CM) is, in a sense the opposite. Actually, 
our intuition in the preceding paragraph is a bit wrong. The problem is that it is not 
clear that our proof system can tell for sure when two arbitrary terms arc not equal. 
Indeed, this relation for the classical X-calculus is O'l'-completc. So the intuition for 
cond expressed above is a bit ambitious. Here is a second try: condttiU2 u i u 2 means "if 
U| and u<2 are equal to the same numeral then v\, if they are equal to different numerals 
then v-i" 

But what about when one or both of them are not equal to numerals? The behavior 
we intend is that if the evaluator can determine that this situation exists, then a type 
error occurs. This brings up the question of when the evaluator can be sure that a 
term is not equal to a numeral. The answer we propose is when it is a X-abstraction, 
i.e. of the form \x.u. The purpose of (C4) is to produce such type errors. Why 
can't X- abstractions be equal to numerals? It is not due to semantic problems that we 
disallow it. Instead we disallow it for two reasons: first, it is not clear that we could get 
a well behaved reduction system (one with the Church-Rosser property, as defined in 
chapter 4), if we did allow it; second, it would go against our intuition of what is meant 
by a numeral. That is, a numeral is something that should not be applied to a term, 
while X- abstractions can be applied to terms by means of (/?). Once we have made this 
decision, we can structure our evaluator, so that if it tries to evaluate a X-abstraction 
at top level, it stops, since it knows that the term cannot be equal to a numeral. This 
allows evaluation to terminate on more terms than otherwise. 

Finally, the purpose of (C3) is to make sure that if the evaluator encounters a 
type error while evaluating one of the two terms to be compared, then the result of 
the whole thing is a type error. It is analogous to the *u = * part of (E) above. 

Note that these axioms require parallel evaluation of the terms to be compared in 
a cond. That is, if we have eonduiU2V]V2> an ^ the evaluation of Ui does not terminate, 
if the evaluation of u<> leads to a type error, then we want the whole term to be *. The 



same is true if wo reverse the roles of u\ and ?/•_>. Thus, we can not. evaluate either u\ or 
u-> before the other. IT we simplify our evaluator to do sequential evaluation of u\ and 
v-j, then the axioms might be slightly modified: we must essentially provide an axiom 
for each possible outcome of the result of evaluating uj. For a sequential evaluator, 
(C3) and (C-l) would be replaced by the following: 

(C3') cond * uvw = * 

(C4') cond(Xi.u)u|t;|t;2 = * 

(C3") cond a* uv = * if a is a numeral 

(C4") condo(Xi.u)ui«2 = * if a is a numeral 

So let us summarize what cond u\U2V\v>> means: "Evaluate u\ and uo in parallel. If 
they evaluate to equal numerals, then v\. If they evaluate to unequal numerals then v-t. 
If either one of them evaluates to a X- abstractions, then this is a run-time type error. If 
the evaluation of either one of them causes a run-time type error then we preserve that 
run-time type error." Notice that we leave unspecified what happens if the evaluation 
of both u\ and t*2 result in terms that are neither numerals nor X-abstractions, and do 
not cause type errors. Different models will do different things in this case. 

Definition: Let Tax he all instances of all the above axiom schemes except (/?). Let 
T be a set of equations between terms, and let u and v be terms. Let T r— u = v be 
the proof relation in classical X-calculus, i.e. u — v follows from T using just (/?) and 
the rules. Then we say T proves u = u if T\JTax r— u = t>. A set of equations T, 
between terms of AT is a theory if the set T\JTax i 8 a classical X-thcory (i.e. contains 
all instances of (/?) and is closed under application of the rules). A set of equations T 
between terms of AT is inconsistent if for every equation u = v, T \J Tax r— u = u 
(which is to say that T\JTax is inconsistent in classical X-calculus). Otherwise, T is 
consistent. 

Note that a necessary condition for T to be consistent, is that for all a\,a,2 € 
ACon, when a\ and a-i are different symbols, we do not have that T proves a\ =02- 
For if so, then if u = t; is an arbitrary equation, we can show that T proves u = v. 
First, by (C2) we have T proves condaja2Ut> = v. Next by repeated applications of 
(cong) we can show that 



7' proves cond a \a>uv = conda|0|ur . 

Hut by (Cl) we have T proves conda\d\uv = u, hence by repeated applications of 
(trans & sym) the result follows. 

3. Semantics 

We now define what a model for this language is, along with a denotational 
semantics [STOY77]. The model is a combinatory model as in [MEYER.82], with 
extra structure added to take care of the behavior of atoms. Combinatory models are 
models of classical X-calculus. Our semantics is also taken from the usual semantics 
of X-calculus. This approach is somewhat similar to defining a group as a first order 
structure satisfying some nonlogical axioms. Completeness of these axioms with respect 
to groups then follows from completeness of first order logic. In our case, the classical 
X-calculus and combinatory models are in the same relation to each other as logic 
would be to a first-order definable structure. The axiom schemes (E), (Cl), (C2), (C3), 
and (C4) correspond to the group axioms. 

First we recall the definition of combinatory model from [MEYER82]. These serve 
as models for the classical X-calculus. 

Definition: A combinatory model V is a tuple (D, -,e) where • is a binary operation on 

D, and there exists K,S G D such that 
(CM.l) For all d u d 2 € D, {K • d,) • d 2 = d t . 
(CM.2) For all d, , d 2 , d 3 £ D, ((5 • d, ) • d 2 ) ■ d 3 = (d, • d 3 ) • (d 2 • d 3 ) 
(CM.3) For all d lt d 2 e D, (c • d x ) ■ d 2 = di • d 2 . 
(CM.4) If for all d € D, d\ ■ d = d 2 • d then e • d x = e ■ d 2 . 

In what follows, we write did 2 for d\ • d 2 and did 2 - • -d n for (• • -(di • d 2 )- • • • d n ). 

Given a combinatory model V = (D, •, e), let i be an interpretation of constants, 
i.e. a map from C to D. Let Env = Var -♦ D. For p 6 Env, z € Var, and d € D let 
p{d/x} £ Env be that function such that 

p{d/x}(x) = d, and 

p{d/x}[y) = p{y), for y ^ i. 
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The function £? t , : MjC) -* lOnv -> D is the semantic function for X-tcnns in a 
combinatory model from [MKY1JH82]. As a notational convenience we write £*r,/ QtijJ/3 
as simply [ujp, when no confusion results. 

Definition: The dcnotational semantics for X-terms. 
(DS.l) I4p = i(e), for c € C. 
(DS.2) (z]|p = />(*)> for i € Var. 

(DS.3) Mp = (MpKHp)- 

(DS.4) [|Xx.u]]p = tS, where (5 € D is such that for all d £ D, 6d = |u]]p{d/z}. (By 
definition of e in a combinatory model, eS is independent of the choice of such 
a 6. Furthermore, it shown in [MEYER82] that such a 6 must exist if V is a 
combinatory model.) 

To serve as models for AT we allow only certain types of combinatory models and 
certain types of constant mappings, t: 

Definition: An atomic combinatory model (acm) A is a tuple: (Z), -, e, D A , *°, 7), where 

* D ,l£D and: 
(ACM.l) (D, •, c) is a combinatory model. 
(ACM.2) D A C D is a set whose elements are called atoms. 
(ACM.3) For all d € D, all a £ D A UK}, a • d = * D . 
(ACM.4) For all a € D A , all d u d 2 € A iaad x d 2 = rfi. 
(ACM.5) For all a t ,a2 G .D" 4 , <*i 7^ 02, »U <*i»<*2 € -D, 70102^1^2 = <*2- 
(ACM.6) For all d it d 2 , <*3 € Z>, 7 * D d x d 2 d 3 = id x * D d 2 d = * D . 
(ACM.7) For all d x ,d 2f d 3 ,d A € D, t{td\)d 2 d 3 d A = ld i (ed 2 )d 3 d i = * D . 

The subset D A of D will serve as values for the atomic constants, that is, they are the 
atoms of D. An acm is simply a combinatory model that satisfies the axiom schemes 
(E) and (Cl) through (C4), if *" = \*\p and 7 = |[cond]]p, for all p. That this happens 
is guaranteed by our choice of constant mapping functions t: 

Definition: Let A = {D, ; e, D A , * D , 7) be an acm. A function 

1 : Con (J ACon (J{cond, *} -► Z> 
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is called an interpretation if 

(1.1) t(cond) = 7. 

(1.2) *(*) = *". 

(1.3) i{a) € D A , for every a £ ACon. 

(1.4) t(oj) t^ i(a->) if a i and a> are different. 

Definition: Let V be a combinatory model and i : C -*■ D, a constant mapping. Let 
u,v £ A(C). Recall that Np,, u = v if for all /> € Env, |t/j]/> = |[t>]|/>. If T is a 
set of equations between terms of A(C), we write N=p i( T if ^£ t , t for all t € T. If 
r is a set of equations between terms of A(C), write T J= it = v if for all P and i, 
whenever N^, T then N^ u = v. If 7" is a set of equations between terms of AT, 
and u,v € AT then we say T semantically implies u = t; if TU^A' N= u = u. 

Definition: Let 2? be a combinatory model, and i : C -*■ D a constant mapping. Then 
define 

Th(P, t) = {u = u : u, v € A(C), Hp = \v\p, for all />} . 

The two theorems below are from Meyer [MEYER82]. 

Theorem: (Soundness Theorem for A(C)) If T r- u = v then T N= u = v. (From 
which it follows that for any combinatory model V and any constant mapping 
function i, Th(P, i) is a X-theory.) 

Theorem: (Completeness Theorem for A(C)) For any X-thcory T, there is a com- 
binatory model D and a constant mapping function i, such that 7 = Th(P, t). 
(From which it follows that for any set of equations T, if T N u = v then T h- 
u = v.) 

That our proof system is complete now follows directly from Meyer's results, just 
as in group theory we know that the axioms for groups are complete for the class 
of group by virtue of the fact that first order logic is complete. The axioms T\x 
correspond to the axioms for groups. 
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Theorem 3.1: (Soundness Theorem for AT) II* T proves u = v then T scmnntienlly 
implies u = v. (From which it follows that for any acm A and any interpretation 
/., Th(^,0 is a theory.) 

Theorem 3.2: (Completeness Theorem for AT) For any consistent theory T, there 
is an acm A and an interpretation t, such that T = Th(A,i). (From which it 
follows that for any set of equations T, if T semantically implies u = v then T 
proves u = v.) 

4. Reduction 

In the two preceding sections, we have presented a proof system and a notion of 
model, and shown that the proof system is complete for that notion of model. We now 
turn to reduction, which comes closer to the computational aspect of terms. 

What are the terms to be used for? We want to use the terms to write programs. 
In this section, we explore an interpreter for those programs. All that the interpreter 
cares about a term, is whether it is provably equal to a numeral. If so, its job is to find 
that numeral. 

With this is mind we introduce a notion of reduction. First, we define the notion 
of a context. 

Definition: A context is a term of AT with a "hole" in its parse tree. Formally, let 6 
be a new symbol. Then, a context, C[ ] is a term of 

A(ACon (J Con U( cond > *. ©}) • 

If tt is a term of AT, and C[ ] a context, then C[u] denotes the result of replacing 
without renaming bound variables, every occurrence of the symbol 8 in C[ ] with u. 
For example, if C[ ] = Xz.B, then C[x] = Xz.x. This is in contrast to substitution: 
[i/9]Xi.6 = \x'.x, where z' is a fresh variable different from i. 

Definition: A notion of reduction R is a binary relation between terms of AT. Given 
R, define the relation — *r as 



13 



{(r[t/],r[r]) : C\] is a context and (u, v) G It} ■ 

The relation is written in infix notation. If u — ♦// v we say u reduces in one step to v. 
The relation —*) { is the reflexive, transitive closure of — */(. If u ~*) { v then we say that 
u reduces to v, or r; is c reduction of u. \ 

Lemma 4. J: Let C[] be a context. If u —*/{ v then C[u] — ►/? C\v\. Also if u —*) { v 
then C[u] -** K C[v). 

Proof: If it -*n v then there exists (u', v') G R and a context C'[], such that u = C'[u'] 
and v = C"[u']. But then C[u] = C[C[v!]] and C[«] = C[C[v^. But then as C[C'[}] 
is also a context and by definition of — ►//, we have C\u] -*n C[v\. The other statement 
follows by induction on the number of steps it takes to reach v from u. | 

When u is reduced to v we can think of this as a computation step. If the notion 
of reduction is reasonable, then we are never lead down any "blind alleys," that is, if a 
term is reduced in two different ways to yield two different terms, then it is possible to 
reduce each of these terms to the same term. This is the definition of the Church- Rosser 
property, as defined in Barendregt [BAR80]. 

Definition: A notion of reduction R is Church-Rosaer if whenever a term u reduces 
to both v\ and V2, then there exists a term u' that is a reduction of both vi and V2- 

We will choose our notion of reduction so that it captures the proof system 
presented above (in a way that will be made precise) for a given set of equations T, 
and is Church Rosser. A set of equations T is called simple if they are of the form: 

(i) C]C2 = C3, where c,- € ACon U Con and c\ g'ACon, or 

(ii) c\* = *, where c\ £ Con. 

We also require that for every equation C1C2 = C3 in T, the equation c\* = * is also 
in T. If C1C2 = C3 £ T, we say that ci is an active constant, since then the reduction 
system has rules for applying it to arguments. A set of equations of this form, can be 
thought of as specifying the behavior of builtin functions on the numerals -and on each 
other. Requirement (ii) says that builtin functions cannot ignore type errors, i.e. if we 
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got a typo error while evaluating the argument to a builtin function, then the whole 
term is equal to *. 

Definition: Our notion of reduction R is 

Kn U «fc' U Rv i U R < -a U ft -a U ft ' i U «r , 
where 

/fy = {(tx, u) : u = v is an instance of axiom scheme /?} , 

similarly for all the other axiom schemes and 

R r = {{u,v):u = veT} . 
We will abbreviate —*Hp as —*p an ^ similarly for the other notions of reduction. 

We are working toward the following result: 

Theorem 4.2: (Church-Rosser Theorem for R) The notion of reduction R defined 
above is Church-Rosser. 

The following definition and two results are taken from Barendregt [BAR80]. 

Theorem 4.3: The notion of reduction R$ is Church-Rosser. 

Definition: Let R\ and R<i be two notions of reduction. We say R\ commutes with R2 
if whenever there exist terms u, vi, and v? such that u — ^ v\ and u —*)i 2 «2, then 
there is a term u' such that v\ —*ji 2 t*' and v% ~ ¥ % 1 t*'. 

Lemma 4.4: (Lemma of Hindley-Rosen): If R\ and R2 are two Church-Rosser notions 
of reduction, and Ri commutes with R2, then the notion of reduction Ri U#2 is 
Church-Rosser. 

The Lemma of Hindley-Rosen can be generalized to work for any number of notions 
of reduction: 

Lemma 4.5: If R commutes with Ri for 1 < t < n, then R commutes with U?=i ft- 
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Proof: Wc abbreviate U" 1 Ri by \J !{{. We must show that if v /f- reduces to v\ 
and u (|J/?,)- reduces to v->, then there exists v! which is an ft-reduction of j;_. and a 
(U ft,-)-rcduction of v\. The proof Ls by induction on the number of steps it takes to 
reduce u to v?. 

The base case is when it takes steps, i.e. v-> = u. Then the desired u' is just v\: 
by assumption it is an /^-reduction of u-j, and since it is equal to t*i it is certainly a 
(U i2,-)- reduction of v\ . 

Suppose now that the lemma is true when u reduces to v-i in k steps, we prove it 
for k + 1. Then we must have a term t/ 2 that is a ((J i? t )-rcduction of u in k steps, 
and without loss of generality we can assume that «!> i?i-reduces in one step to v-z 
(otherwise interchange the names of the Ri). Then by induction there is a term u" 
that is an i?-reduction of v' 2 and is a (U J2,)-reduction of v\ . But then as R commutes 
with Ri, there is a term u' which is an A-reduction of V2 and an i?i-reduction of v.". 
But since u" is a (U#i)-reduction of v\ and u' is an Bi-reduction of u", we have that 
v! is a (U Ri)- reduction of v\, so it is the desired u'. | 

Lemma 4.6: Let R\,...,R n be a sequence of Church- Rosser notions of reduction, 
where J2, commutes with Rj for 1 < t* < j < n. Then the notion of reduction 
R\ U • • • U Rn is Church-Rosser. 

Proof: Induction on n. For n = 2 this is the Lemma of Hindley-Rosen. Suppose the 
lemma is true for n < k. Consider now n = k. Then by the induction hypothesis, 
R\ U • • URk-i is Church-Rosser. However by the previous lemma i?t commutes with 
#iU"-Ufli-i- Hence by Hindley-Rosen, (#itl •••U#*-i)U#* is Church-Rosser, 
which completes the proof of the lemma. | 

Definition: A reduction relation has the diamond property, if whenever u reduces in 
one step to both v\ and V2, there is a term u' which is reducible in at most one step 
from both V] and V2« 

The next Lemma is from Barendregt [BAR80]. 

Lemma 4.7: If R has the diamond property then R is Church-Rosser. 
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Dtdinition: Let U be a notion of reduction. If (u. v) € /? then the term u is called a 
redcx and the term v is called its rcducl. When we refer to a rcdex r of a term u, we 
are referring to a particular occurrence of a redox r as a subtcrm of u. 

Let us consider now 

RK U «n U *T2 U «C-'3 U *CA U *T • 

This notion of reduction has the following reduction properties: 

1. A reduct is either a constant, or a subterm of the redex. 

2. If u is a redex of C[u], with reduct v, and C[u] is a redex with reduct w, then: 

2.1. If w does not contain u, then C[v] is also redcx whose reduct is w. 

2.2. If w does contain u, i.e. w — C'[u], then C[v] is a redex whose reduct is 

CM. 

This is enough to show that the above notion of reduction has the diamond 
property, i.e.: 

Lemma 4.8: R E U Rc\ U Ra U #C3 U #£?< U Rt »s Church- Rosser. 

Proof: We show that it has the diamond property. Suppose a term u has two redexes, 
ri and r^. Then there are two cases to consider: 

1. The redexes r\ and r-i are disjoint. In this case the redexes can be reduced in 
either order, yielding the same term. 

2. One redex occurs inside another. Without loss of generality, assume that r^ 
occurs inside r\. Then there are two subcases: 

2.1. The reduct of r\ does not contain ti> Then by the above reduction 
properties, if we first reduce ri and then reduce the resulting term, we 
get the same term as if we simply reduced r\ . 

2.2. The reduct of r\ contains r 2 . Then r\ is Cfa], and the reduct of ri is 
C'fr-j]. Suppose the reduct of r?, is r. Then if we first reduce r\ we get 
C[r2]. If we first reduce r-^ we get C[r\. But we can reduce Cfa] to get 
C7*[r] and by the above reduction propeties, we can reduce C[r] to C'[r\. 

Since this notion of reduction has the diamond property it is Church- Rosser. | 
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At this point we know that /fy is Church-Rosscr, and the rest of the notions of 
reduction, taken together, are Church-Rosscr. We will show that all the notions of 
reduction, taken together, arc Church-Rosscr, using the lemma of Hindly-Roscn. So 
we must establish that 7fy commutes with the rest of the reduction notions. By Lemma 
4.5, it suffices to show that /?,< commutes with all the other notions of reduction. 

Just as we used the diamond property to show that a notion of reduction is 
Church-Rosser, we define a property of two notions of reduction that will insure that 
they commute. The definition and the following lemma are taken from Barendregt 
[BAR80]. 

Definition: Two notions of reduction, R\ and 11%, have the cross diamond property, if 
whenever there are terms u, v\, and V2, such that u R\-red\ices in one step to «i and 
R'ir reduces in one step to v-2, then there is a term u' that is R\ -reducible from V2 in at 
most one step, and is /^-reducible from v\ (in any number of steps). 

Lemma 4.9: If two notions of reduction have the cross diamond property then they 
commute. 

Now we can show that Rp commutes with all the other notions of reduction by 
showing that Rp and each of the other notions enjoy the cross diamond property. 
Unfortunately t to show this is rather tedious, it being a case by case analysis of how 
redexes can overlap. Therefore, we will show one case, the rest are similar. 

Lemma 4.10: Rp and i?£ commute. 

Proof: We show that they have the cross diamond property. There are two cases. 

1. A /3-redex occurs inside an iS-redex. Then the jE-redex is of the form uC[(\x.v)w], 
where u 6 AConU{*}- If we do the E-reduction first we get *. If we do the 
^-reduction first, we get uC[([»/t]u)], which is an 2£-redex with reduct *. 

2. An 2?-redex occurs inside a /3-redex. Then there are two subcases: 

2.1. The 0-redex is of the form [\x.w)C[uv], where u € AConU{*}- Then 
if we first do the J?- reduction we get (Xx.tt»)C[*], and we can then do 
a ^-reduction to get [C[*]/x]u>. On the other hand if we first do the 0- 
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reduction, wo get [C'[ut>]/x]ii;, and wo can then do a scries of E- reductions, 
one for every free x in w, to ultimately yield [C7[*]/x]ii;. 
2.2. The /?-redcx is of the form (Xx.C[ur])w, where u € AConU{*}- Then 
if we E- reduce first we get (Xx.C[*])u', and we can then /9-reduce to 
get [tu/x](C[*]), which is C'{*\, where C'[] is the result of renaming the 
bound variables in C[] and substituting w for free occurrences of x. On 
the other hand if we /3-reduce first we get [tw/x](C[uw]). Now this is equal 
to C[ut/], where v' is the result of substituting w for all occurrence of x 
in v that are free in C[uv]. But as uv' is an E-redex, we may reduce it 
to get C"[*], as before. 

This shows that J?/.; and R/j have the cross diamond property, and therefore commute. 



Theorem 4.2 now follows from Lemma 4.3, Lemma 4.8, Lemma 4.4, and Lemma 
4.10 (and the other omitted cases). 

Theorem 4.11: If T is a simple set of equations, then T r— it = v if and only if there 
is a term w that is reducible from both u and v. 

Proof: Suppose w is reducible from both u and v. Since all the notions of reductions 
are instance of axiom schemes or equations in T, by rules (cong) and (£), if u reduces 
to u' in one step then T h- u = u', hence by rule (trans & sym) if u reduces to w 
then T r— u = w. Then if w is reducible from both u and v then Tr-u = «i and 
T r— v = w and then by rule (trans & sym), T r— u = v. 

Conversely, suppose T H~ u = v. We use induction on the length of proof. If the 
length is 0, then u = v is either an instance of an axiom scheme, or an equation in T. 
In either case u reduces to v in one step, so the desired term w is just v. Otherwise, 
u = v follows via a rule, from equations that have shorter proofs. We consider one 
rule at a time. 

(trans & sym) Then T r- r = u and T r— r = t; for some term r. By induction, 
then, there are terms wj reducible from r and u and t«2 reducible from r'and v. But 
since wi and W2 are both reducible from r, by the Church-Rosser property there is a 
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term w reducible from both u»i and u>_>. Hut this term is then reducible from both « 
and v. 

(£) Then u is of the form \x.u' and v is of the form \x.v', where T r— v! = r'. Hy 
induction, then, there is a term w', which is reducible from both u' and v'. But then 
the term w = Xi.iu' is reducible from both u and u, by Lemma 4.1, using context 
Xx.9. 

(cong) Then u is of the form u\u-> and v is of the form v\V->, where T r— tt| = t>i and 
r r— U2 = v->. Then there exists terms ivi and u>> such that u/ t - is reducible from both 
u t - and v,-. Then from Lemma 4.1, using context ujS, we get that uitU2 is reducible 
from u\U->. Again using Lemma 4.1, with context Qw->, we get that w\w> is reducible 
from uiw-2. Hence w\W2 is reducible from u\u->. Similarly, we can show that Wiw-2 is 
reducible from v\V2, so w = wiw>2 is the desired term. | 

5. Evaluation 

If, as remarked above, we view reduction of a term as a computational step, the 
results of the preceding chapter tell us how to build a naive e valuator for our language. 
Namely, start with a term and try all possible reduction sequences. If we arrive at a 
term that can no longer be reduced, then stop. The Church- Rosser theorem guarantees 
that this term will be unique. 

However, this evaluator is a bit unsatisfying. First of all, since we must remember 
the state of several reduction sequences at once, its demands on memory are great. 
Secondly, it will be slow, since it is doing breadth-first search of a tree, without using 
any heuristics to narrow down to the goal. And lastly, it gives us no insight into what 
a run-time type error is, since it might do several ^-reductions, and ultimately arrive 
at a term which is not *. 

All that we require of an evaluator is that if a term is provably equal to a numeral 
from T (by Church-Rosser theorem, it must therefore reduce to that numeral) then 
the evaluator will find that numeral. We don't care what the evaluator does with a 
term that is not equal to a numeral, just so long as it doesn't return a numeral. That 
is all that we require. However, there are certain things that we desire. One is that 
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the evaluator terminate on as many terms as possible. Second is a notion of type error 
that coincides with the use of * in the axioms (of course, this is the chicken and egg 
phenomenon). 

As was remarked in Chapter 2, the parallel nature of cond will complicate things, 
since the evaluator cannot simply evaluate one arm or the cond before the other. In 
fact, if we were using the sequential axioms, (C3'), (C4'), (C3"), and (CA"), then the 
evaluator which always reduces the leftmost redex would be normalizing, i.e. if a term 
u was equal to a term v which had no redexes, then this evaluator would reduce u to 
v. 

Unfortunately, life is not so simple, and we cannot get away with such a simple 
evaluator. Due to the parallel nature of cond, we are forced to consider a parallel 
evaluator, that is, an evaluator which at every step reduces a set of disjoint redexes 
(since the redexes are disjoint, the order in which they are reduced does not matter, 
indeed, they may reduced at the same time, which is why the evaluator is called 
parallel). Parallel evaluators were considered by [L.EVY80]. 

Definition: A term of the form conduiU2"3 u 4 is called a cond-expression. 

We now describe the evaluator EVAL : AT -+ AT. If u is a term of AT, EVAL(u) 
is a term which is reducible from u. If EVAL(u) = u then the evaluator is said to halt 
on u. The evaluator is repeatedly applied until a term is reached where it halts. This 
process is called EVAL-uation. 

Definition: The evaluator EVAL: 

1. If u is a redex, then EVAL(u) is its reduct. 

2. If u is a cond-expression conduiu<2ViV2 then 

EVAL(u) = condEVAL(ui)EVAL(u 2 )vii>2 . 

3. If u is Xi.u then EVAL(u) = Xz.EVAL(v). 

4. If u is itiu 2 , where ui € Var(jCon then EVAL(tt) = tiiEVAL(u 2 ). 

5. If u = (u]ii 2 )u2 then EVAL(u) = EVAL(uitt 2 )ti 3 . 

6. Otherwise EVAL(u) = u. 
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In English, EVAL works as follows: it looks for the leftmost redox or cond- 
exprcssion; if it is a redcx, it reduces it, if it is a cond-expression, it calls itself recursively 
on the two "arms" of the cond-expression. 

Normalization Claim: EVAL is a normalizing evaluator. That is, if u = v is 
provable from T and v has no redoxes (is in normal form), then the EVAL-uation of 
u yields v, and if EVAL(u) = u then u is in normal form. 

It is hoped that this can be shown using some notion of standard reduction, in the same 
way that the Standardization Theorem is proved for classical X-calculus [BARSO]. At 
present, there was not time to prove this claim. 

Even though EVAL is normalizing, it is still not the evaluator we want for AT. 
Recall that all we required of an evaluator is that if a term was equal to a numeral, it 
found that numeral. Since numerals are normal forms, and EVAL is normalizing, it 
accomplishes that goal. But it will not terminate on lots of term which we can be sure 
are not numerals, for example 

u = \x.{\y.yy)(\y.yy) 

has no normal form, so the EVAL-uation of u will never stop, yet since u is a X- 
abstraction, it can never be a numeral. To fix this problem, we modify EVAL so that 
it never looks inside a X- abstraction. 

Definition: In a X-abstraction Xx.u the term u is said to be the scope of the X. 

Definition: The evaluator EVAL' is defined as follows: 

1. If u is a red ex, then EVAL'(u) is its reduct. 

2. If u is a cond-expression condu]U2ViV2 then 

EVAL'(u) = condEVAL'(ui)EVAL'(u 2 )t;ii;2 . 

3. If u is U]U2. where ui is an active constant then EVAL'(u) = uiEVAL'(u2). 

4. If u = (uiu 2 )u2 then EVAL'(u) = EVAL'(uiu 2 )u3. 

5. Otherwise EVAL'(u) = u. 
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The difference between EVAL and EVAL' is that EVAL' does not reduce inside 
X- abstractions and it only evaluates arguments of live constants, since otherwise it 
knows that it has no rules for reducing the application. Although ICVAL' is now no 
longer normalizing (since it halts on Xx.(Xy.y)x) it still has all that wc required of an 
evaluator: 

Theorem 5.1: If u = v is provable from T and v is a numeral, then the EVAL -uation 
of u yields v. 

Proof: We know by the Normalization Claim that the EVAL-uation of tt yields v. 
Now if clause 3. is used in the EVAL-uation, then on the next pass it must be used 
again, since no new redexes or cond-expressions will be created outside the X. So a 
numeral cannot result. Similarly, clause 4. will never be used when ui is not a live 
constant, since that would result in clause 4. being used again on the next pass, as 
nothing new will be created to trigger clauses 1., 2., or 3. Hence the EVAL-uation of 
it is also an EVAL'-uation and hence the EVAL'-uation u yields v. | 

We now can explain what a run-time type error is, in terms of the evaluator EVAL . 
We say that EVAL' encounters a run-time type error on term u, if in the EVAL -uation 
of tt, rule 1. is applied to an (E)-redex or to a (C4)-redex. 

Theorem 5.2: Let tx be a term which does not contain *. Then EVAL' encounters a 
run-time type error on term it, if and only if tt = * is provable from T. 

Proof: Certainly if u = * then by Church-Rosser it is possible to reduce u to *. 
However, since (E) and (C4) are the only reduction rules which create an *, one of 
these must be used. Also, by the same reasoning as Theorem 5.1, the evaluation of u 
will result in *. Hence, one of the above redexes must be contracted. 

For the converse, it suffices to show that if EVAL'(tt) results in a type error then u = *. 
We argue by cases, on what clause is used to handle EVAL (tt). 

1. If a type-error results then the redex is either an (E)-redex or a (C4) redex. Then 
the reduct is * so u = *. 

2. Then tt = condttiU2Vit>2 ^^ either EVAL'(tti) or EVAL'(u 2 ) results in a type 
error. By induction, then either uj or uo is equal to *. Hence tt = *, by (C3). 
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3. Then u = u\u> and KVAL'(m;») results in a type error. Then by induction 
u-> = *. So by the restrictions on T, U\* =■ * £ T, so u = *. 

•1. Then u = (uiti->)u;i and KVAL'(u|Uj) results in a type error. Hy induction, 
then, u\u-> = * so by axiom scheme (E), u = *. 

5. This cannot cause a type error. 

6. Expressive Power 

In this chapter, we study the expressive power of a particular language of the type 
we have been discussing. In particular, we fix the constants and the set of equations 
T, and ask what functions we can represent. Let the language LAM be the language 
defined in chapter 2, with the following choice of constants: 

ACon = {a : n = 0, 1, 2. . . }. 

Con = {Sacs}. 

Let the language LAM be the language LAM, without cond. 

For both LAM and LAMo, the set of equations T will be 

{Succ n = n+ 1 : n = 0, 1, 2, . . . }. 

Definition: Let / be an n-ary partial function over the natural numbers. We say that 
/ is numeral represented by a term u, if 

whenever /(t'i, . . . , i„) = j then T Y- ui^- • -ij, = £ , 

and 

whenever f(i\, . .., i n ) is undefined then T \f~ ui^- • -i^ = j, for any j. 

Definition: The Church numeral n is defined as follows: 
Q = X/Xi.z 
E = \f \x.fWz, for n > 0. 

We also define what it means for a term to Church-represent a partial function: simply 
replace i by i in the above definition. 

Theorem 6.1: The Church-representable partial functions are exactly the partial 
recursive functions. 
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Proof: See Darendrrgl [BAR80]. 

We show that we can translate between ri and n using terms, and therefore: 

Theorem 6.2: The numeral representable partial functions are exactly the partial 
recursive functions. 

This follows after a few lemmas. 

Lemma 6.3: ([BAR80]) There is a term Succ such that for all n, Succ n = n + 1 . 
Proof: An immediate corollary of Theorem 6.1. In fact the term 

Xy \f \x.f{yfx) , 
will serve as Succ as is easily shown by induction. | 

Lemma 6.4: ([BAR80]) There is a term Y (Curry's Paradoxical Combinator) such that 
for all u, Yu = u(Yu). 

Proof: Y = X/(Xz./(xz))(Xz./(zz)), since 

Yu = (Xi.u(xi))(Xi.u(zi)) = u((Xx.u(zz))(Xz.u(zz))) = u(Yu) . | 

Lemma 6.5: There is a term Pred such that for all m > n > 0, 

T \— Pred mn = m — 1 . 

Proof: We can write a recursive definition for Pred as follows: 

Pred xy — condz(Sjic£y)y(Pj£dz(Sji£c.y)) . 

In "programming" terms, we check if z is the successor of y, if it is we return y, if not 
we increment y and try again. The program must halt if z > y. Writing the above 
equation another way, we get 

Pred = (X/ Xz Xy.cond z(Sacxy)y(/z(Sn££y)))Erfid . 

Then by the previous lemma, the term 

Pred = Y(\f Xz Xy.cond z(Succ y)y(/z(Succ y))) 
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will behave a,s desired, as can be checked by induction. | 
Lemma 6.6: There are LAM terms u and v such that for all n 

T r— un = n and T r— vn = n ■ 
Proofr The term v is simply Xi.xSa.cc Q, since then 

vn = n Slice Q = 3uc£ (n) Q = n • 
The terra it is more complicated. Again, we write a recursive definition: 

ux = cond zQ(fl)(SH£fiMElffiix))) , 
or equivalently, 

u = (X/Xx.condxQ(Q)(Sacs(u(Eiedx))))u , 
so again we see that 

u = Y (X/ Xx.cond xQ(a)(Sa££(u(Ereiix)))) 
will work, as can be verified by induction. | 

Proof of Theorem 6.2: Let / be an n-ary partial recursive function. Then by 
Theorem 6.1 there is a term h which Church- represents /. Let u and v be as in the 
preceding lemma. The the following term will represent /: 

Xx r • -x n .u(/i(uxi)- • -(ui,,)) . 

By switching the roles of u and t; we can show that every representable function is 
Church-representable. | 

So using LAM, we can represent all the numeric functions that we can hope the 
represent. We explore now, what the situation is if cond is not allowed, that is, what 
functions are representable by terms of LAMn. 

Definition: Let tfj 1 be the function of n arguments whose value is the ith argument, 



i.e. 



<(x,,...,if,) = z t -. 
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Kor all natural numbers n, let a„ be the function of one argument that adds n to its 
argument, and let k v be the function of one argument who value in n, i.e. 

a„(x) = i 4- n 
k n {x) — n . 

Let w be the unary function that is undefined everywhere. 

Lemma 6.7: The functions u> o tt", /c t „ o it", and a m o 7r" are representable by LAMo 
terms, for all natural numbers m, n, and i with 1 < t < n. 

Proof: First note that if an n-ary function / is represented by a term F, and a unary 
function g is represented by a term G, then the n-ary function g o / is represented 
by Xz.G(Fz). Hence it suffices to show that the functions it", w, k n , and a n are all 
representable. But 7r" is represented by Xxp- -x n -Xi, k n is represented by Xx.n_, a n is 
represented by Xz.3ji£cj n 'a:, and u is represented by ((Xx.zz)(Xx.xz)). 

We will show that these simple functions are all the functions that can be rep- 
resented by terms of LAMo- To do this we must analyze the nature of reductions. 
Let R' be the notion of reduction R above, restricted to terms of LAMo, i- e -j -R' = 
RpURsURr- 

Lemma 6.8: Let R'^ T = R^\JRe- If there are term u and v of LAMo such that 
tx — >fi, «,.then there exists a term w, such that u — ►* T w and w —*j v, in other 
words, we may postpose T-reduction to the very last. 

Proof: We will show that T-reduction can be "moved past" the other two types of 
reduction, i.e., if 

10] — *? U/2 —*p U>3 

then there is a term w\ such that 

w\ -*$ w\ — ••r t«3 , 

and similarly for R^. In other words if a T-reduction occurs before either a /?- reduction 
(or an i£- reduction), then we can replace those two reductions by a ^-reduction (E- 
reduction respectively) followed by a T-reduction. To see this, note that a T-reduct 
is a single constant, therefore cannot contain a /?-redex or an J3-redex. Therefore any 
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/9- redoxes or /T-rcdcxes in the reduced term must, be disjoint with the original T-rcdcx, 
so the reductions could have been carried out in reverse order. | 

Definition: Let ci.c-j,... be new constants of ACon. A term which includes these 
constants is said to be a generalized term. If u is a generalized term and / is any total 
unary function on the natural numbers then we write f(u) to mean the term of LAMq 
which results from u by replacing each constant c, by /(i). If f(u') = u for some / 
then we say that u' generalizes u. 

Lemma 6-9: Let / be a total unary function on natural numbers, 
(i) If (u, v) E R^t then (/(u), f{v)) € R-,t- 
(ii) If u -*-,t v then f(u) -+-,r /(«)■ 
(Hi) If u -+* r v then f(u) —»*7\ /(«)•' 

Proof: It suffices to show (i). For then, if u -*-,t v then there is a context C[ ] such 
that u = C[u Q ], v = C[vq], and (uo.vq) € R-,t- But then by (i), (/(uo), /(«o)) € R-,t 
and since /(u) = /(C*)[/(u )] and /(w) = /(C)[/(v )] we have that f[u) ->vr /(«), 
showing (ii). To show (Hi), we proceed by induction using (ii). 

To show (i), we proceed by cases. If (u, v) € Re, then u is of the form cuq where 
c 6 ACon U{*}, and v = *. Then /(u) is of the form c'/(uo), where c' is either c or a 
new constant c t -, and f(v) = *. But as c, G ACon, we again have (/(u),/(v)) € #£■ 

If (u,v) £ Rfi, then u = (Xz.tio)wo, v = [v /z]uo- But then /(u) = (Xi./(u ))/(«o) and 
/(«) = [/M/*]/(«o). Hence, (/(«), /(«)) € fy. ■ 

Lemma 6.10: Suppose it and v are LAMo terms, / is a total unary function on 
natural numbers and /(u') = u. Then: 

(i) If (u, v) € R-,t then there exists a term v' such that /(«') = u and (u', t/) € R-.T-. 
(ii) If u —►-,7' v then there exists a term v' such that /(«') = u and v! ->-,r u '- 
(Hi) If u -**7- v then there exists a term v' such that /(t/) = u and v! -*l,f v'. 

Proof: Again, by a similar argument it suffices to prove (i). We show (i) by cases. 

If (u, v) € Re then v = * and u is of the form cuq, where c € ACon U{*}- Then v! 
must be of the form c'u' Q , where f[u' Q ) = uo and c' is either c or some newxonstant c,-. 
Let u' = *. Since c,- 6 ACon, in either case we have {u',v') G Re, and f(v') = u. 
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If {u,v) e R t h then u = (Xi.« u )t'o, and v = [wo/*N- Then u' must be of the form 
(Xx.uJK, where /(u„) = u„ and /(«{,) = « . Let w' = K/i]m{,. Then («', «') <E ify 
and /(«') = v. | 

Theorem 6.11: The functions u;o7r?, fc,„07rj\ and a,„o7r?, for all natural numbers m, 
n, and i with 1 < i < n, are the only functions represcntable by LAMo terms. 

Proof: Suppose an n-ary function g is represented by a LAMo term G. 

Case 1: g(0, . . . , 0) is undefined. Then GO- • Q does not reduce to a numeral. Suppose 
g{h, ■ ■ ■ , in) = m for some (i\, . . . , i„). Then Gtj/ ■ -in reduces to m- Then by Lemma 
6.8 there is a term w such that 

Gi^ • 'ijj, —**-,? w an< ^ 
w —*t 221 • 

But since the only T- reduction is of the form Succ n = n + 1 , the term w must be 
of the form Succ ^t for some natural numbers p and i, such that p + i = m. Define 
functions f\ and fa on natural numbers by /i(i) = x, h{*\ = 0- Consider now the 
term G' = Gc M •••<:;„. Then /i(G') = Gii---^. By Lemma 6.10 there is a term w' 
such that G' -< T w' and /i(w') = SuccK". Then w' is either SjiC£ (p) i or Sji£c_ (p) c t -. By 
Lemma 6.9, / 2 (G') ->-,r .feK)- But hi. G ') = Go -- ' °-> and /2K) is either Su££ (p, i or 
Succ ^0 T contradicting the fact that GQ- • Q does not reduce to a numeral. Hence g is 
undefined at all argument, so is equal to u o jr " for any i. 

Case 2: g(0, . . . , 0) = m. Then GQ- • Q reduces to m- As before, this means that there 
is a term w such that 

GQ- • Q -►* T w and 
W -+t &k, 

which means that w is sW p) i. Let G' = Gc v --c n . Then / 2 (G') = GQ- • Q. By 
Lemma 6.10, there is a term w' such that f2{w') = w and Gci- • -c„ -+* r u/. But tt; is 
then either SjiccJ^i or if i = 0, w' can be Succ ^cy, for some ;', where 1 < j < n. 

Now consider ff(i'i,. ..,i B ). Let / 3 be defined by / 3 (i) = i x , for 1 = l,...,n, 
otherwise anything at all. Then /3(G') = Gi^- • -i^. Then be Lemma 6.9/, we must 
have Gi]/ • -i^ -**-,t h{ w ')- 
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If w' = Succ''''z, then /;<(«/) = Sucr'''% so g(i\,...,i„) = i. Hence we have shown 
that g is the function fc,- o 71^ for any j. 

Otherwise w' = Succ'^'Cj. But then j;\{w') = Succ' , ''tj. Hence g(i\, . . . ,i„) = ij + p, 
so g is the function a p o 7r''. | 

7. Conclusion 

The result of all of the above is that we have achieved a harmonious match 
between a proof system for equality, a denotational semantics and an evaluator. The 
completeness theorem tells us that a match exists between syntax and semantics: our 
proof system proves exactly those equations which are valid in all models. Also, the 
axioms match the evaluator: the proof system proves equations u = v, where v is a 
numeral iff the evaluator can drive u to v, also, a *-free term it is provably equal to 
*, iff the evaluator encounters a run-time time error during the evaluation of u. Thus, 
the intuituion of * as a notation for run-time type errors is justified. 

One would like, at this point, to begin to make extensions to the language, while 
trying to keep this match intact. There are several ways to extend. Of course, the 
Normalization Claim needs to be proved, and beyond that, there is the question of how 
to lift the restrictions on T (i.e. the simpleness restrictions) in such a way that leads 
to a Church-Rpsser reduction system, and an evaluator which behaves properly with 
respect to *. For instance we might want to allow equations of the form c\C2. . . c n = c 
into T, to better model functions that take more than one argument. 

Another extension is to examine systems where the atomic elements have some 
structure. For example, in LISP, lists of atoms, such as (3 4 5) are terms which should 
behave like numerals with respect to application. Another structure construct that 
"would be useful is Cartesian product. However, it is a result of Klop [BAR80] that the 
usual axioms for surjective pairing: 

left pair x y = x 

right pair xy — y 

pair (left i)(right x) = x 
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arc not Church-Rosscr, when combined with (/?). It is not completely clear however, 
whether or not it is possible to devise a Church-Rosscr reduction system whose theory 
of equality is the same as that of {0) plus the surjective pairing axioms. 

Another direction is to look at systems that have some machinery to tell atoms 
from non-atoms. The cond construct almost does the trick, but not quite. Let u = 
Xx.condxrryy; if we apply u to a numeral we will get back y, while if we apply u to 
a X-abstraction we will get *. If we apply it something that is neither a numeral nor 
a X-abstraction, the result will depend on how strong the T-axioms are, i.e. how few 
applications are normal forms. Still, if we apply it to something whose evaluation 
doesn't terminate then we get no information. 

Another construct that we might consider is 

caseuviV2 • 

This construct comes up when we are considering models that are disjoint sums, i.e. if 
we are given a domain A of atoms, we seek a domain D such that D = A + (D — ► D). 
The intended meaning of caseuvit;2 is 

v\{a), if u = inl(o), for some a € A, 

v 2{f), if u = inr(/), for some / € (Z> — ► D), 

where inl and inr are the injections into D from A and (D — ► D), respectively. 
However, we may also run into Church-Rosser difficulties here, since the desired axioms 
for case: 

case (inl i) fg = fx 

case (inr x)fg = gx 

case i(fto inl) (h o inr) = hx 

are very similar to those for surjective pairing, if fact, they are the category theoretic 
dual. 

If in fact the surjective pairing axioms, and the case axioms cannot be captured 
by a Church-Rosser reduction system in the untyped X-calculus, work needs to be done 
on how these axioms can be weakened to yield Church-Rosser systems that "still capture 
the "intuition" of pairing and case. 
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